Glossary - S

S/MIME

SA

SACL

Safe mode

A method of starting Windows using only basic files and drivers. Safe mode is available by pressing the F8 key during startup. This allows you to start the computer when a problem prevents it from starting correctly.

Safe Mode with Command Prompt

A method of starting Windows using basic files and drivers only, without networking, and with only a command prompt displayed. This mode is available by pressing the F8 key when prompted during startup. This allows you to start your computer when a problem prevents it from starting normally.

Safe Mode with Networking

A method of starting Windows using only basic files, drivers, and networking. This mode is available by pressing the F8 key when prompted during startup. This allows you to start your computer when a problem prevents it from starting normally.

saturation

SBM

scalability

A measure of how well a computer, service, or application can grow to meet increasing performance demands. For server clusters, the ability to incrementally add one or more systems to an existing cluster when the overall load of the cluster exceeds its capabilities.

scavenging

Schannel

schema

The set of definitions for the universe of objects that can be stored in a directory. For each object class, the schema defines which attributes an instance of the class must have, which additional attributes it can have, and which other object classes can be its parent object class.

See also:
attributedirectory partitionobjectobject classparent object

schema master

A domain controller that holds the schema operations master role in Active Directory. The schema master performs write operations to the directory schema and replicates updates to all other domain controllers in the forest. At any time, the schema master role can be assigned to only one domain controller in the forest.

scope of influence

scope of management (SOM)

In Group Policy, any Active Directory container to which you can link a Group Policy object (GPO). These containers can be sites, domains, or organizational units.

See also:
Active DirectoryGroup PolicyGroup Policy object (GPO)

screen font

A typeface designed for display on a computer monitor screen. A screen font often has an accompanying PostScript font for printing to PostScript-compatible printers.

See also:
fontPostScript

screen resolution

The setting that determines the amount of information that appears on your screen, measured in pixels. Low resolution, such as 640 x 480, makes items on the screen appear large, although the screen area is small. High resolution, such as 1024 x 768, makes the overall screen area large, although individual items appear small.

See also:
pixel

screen saver

A moving picture or pattern that appears on a computer screen when the mouse or keyboard has not been used for a specified period of time.

SCSI

SDP

secondary cluster

A specific virtual IP address assigned to a Network Load Balancing cluster (the &quot;primary cluster&quot;). The secondary cluster`s virtual IP address is different than the primary cluster`s virtual IP address. Secondary clusters allow you to configure an independent set of port rules for each virtual IP address in your Network Load Balancing (primary) cluster. Also known as a virtual cluster.

See also:
clusterNetwork Load Balancingvirtual IP address

secondary logon

The practice of logging on by using one security context and then, within the initial logon session, authenticating and using a second account. In Windows&nbsp;2000, Windows&nbsp;XP Professional, and the Windows Server&nbsp;2003 family, secondary logon is enabled by the RunAs.exe program and service.

See also:
authentication

secondary zone

A read-only copy of a DNS zone that is transferred from an authoritative DNS server to another DNS server to provide redundancy.

See also:
authoritativeDNS serverDNS zoneDomain Name System (DNS)primary zonezone

second-level domain

A DNS domain name that is rooted hierarchically at the second tier of the domain namespace, directly beneath the top-level domain names. Top-level domain names include .com and .org. When DNS is used on the Internet, second-level domains are names that are registered and delegated to individual organizations and businesses.

See also:
domain nameDomain Name System (DNS)parent domaintop-level domains

sector

A 512-byte unit of physical storage on a hard disk. Windows file systems allocate storage in clusters, where a cluster is one or more contiguous sectors.

secure dynamic update

The process in which a DNS client submits a dynamic update request to a DNS server and the DNS server performs the update only if the client is authenticated.

See also:
authenticationDNS clientDNS serverdynamic update

Secure Hash Algorithm (SHA-1)

An algorithm that generates a 160-bit hash value from an arbitrary amount of input data. SHA-1 is used with the Digital Signature Algorithm (DSA) in the Digital Signature Standard (DSS), among other places.

See also:
Digital Signature Standard (DSS)hash algorithm

Secure Hypertext Transfer Protocol

Secure Sockets Layer (SSL)

A proposed open standard for establishing a secure communications channel to prevent the interception of critical information, such as credit card numbers. Primarily, it enables secure electronic financial transactions on the World Wide Web, although it is designed to work on other Internet services as well.

See also:
Internet

secure zone

A DNS zone that is stored in Active Directory and to which access control list (ACL) security features are applied.

See also:
access control list (ACL)Active DirectoryDNS zoneDomain Name System (DNS)

Secure/Multipurpose Internet Mail Extensions (S/MIME)

An extension of MIME that supports secure mail. It enables message originators to digitally sign e-mail messages to provide proof of message origin and data integrity. It also enables messages to be transmitted in encrypted format to provide confidential communications.

See also:
public key encryption

security

On a network, protection of a computer system and its data from harm or loss, implemented especially so that only authorized users can gain access to shared files.

See also:
authorization

Security Accounts Manager (SAM)

A Windows service used during the logon process. SAM maintains user account information, including groups to which a user belongs.

security association (SA)

A combination of identifiers, which together define Internet Protocol security (IPSec) that protects communication between sender and receiver. An SA is identified by the combination of a Security Parameters Index (SPI), destination IP address, and security protocol (Authentication Header (AH) or Encapsulating Security Payload (ESP)). An SA must be negotiated before secured data can be sent.

security context

The security attributes or rules that are currently in effect. For example, the rules that govern what a user can do to a protected object are determined by security information in the user`s access token and in the object`s security descriptor. Together, the access token and the security descriptor form a security context for the user`s actions on the object.

security descriptor

A data structure that contains security information associated with a protected object. Security descriptors include information about who owns the object, who can access it and in what way, and what types of access are audited.

security event

An event that is logged in the security log in Event Viewer. All events that are logged in the security log are auditing events, and they can be divided into the following event categories: account logon, account management, directory service access, logon, object access, policy change, privilege use, process tracking, or system.

security filtering

security group

A group that can be listed in discretionary access control lists (DACLs) used to define permissions on resources and objects. A security group can also be used as an e-mail entity. Sending an e-mail message to the group sends the message to all the members of the group.

See also:
discretionary access control list (DACL)group

security host

An authentication device, supplemental to standard Windows and remote access server security, that verifies whether a caller from a remote client is authorized to connect to the remote access server.

See also:
authenticationremote accessremote access server

security ID (SID)

A data structure of variable length that identifies user, group, and computer accounts. Every account on a network is issued a unique SID when the account is first created. Internal processes in Windows refer to an account`s SID rather than the account's user or group name.

See also:
group accountuser accountuser name

security log

An event log containing information about security events that are specified in the audit policy.

See also:
audit policyevent

security package

The software implementation of a security protocol. Security packages are contained in security support provider dynamic-link libraries (DLLs) or in security support provider/authentication package DLLs.

Security Parameters Index (SPI)

A unique, identifying value in the security association (SA) used to distinguish among multiple SAs existing at the receiving computer.

security principal name

security protocol

A specification that defines security-related data objects and rules about how the objects are used to maintain security on a computer system.

security support provider (SSP)

A dynamic-link library (DLL) that implements the Security Support Provider Interface (SSPI) by making one or more security packages available to applications. Each security package provides mappings between an application`s SSPI function calls and an actual security model`s functions. Security packages support security protocols such as Kerberos and NTLM.

Security Support Provider Interface (SSPI)

A common interface between transport-level applications, such as Microsoft Remote Procedure Call (RPC), and security support providers (SSPs), such as Windows Distributed Security. SSPI allows a transport application to call one of the SSPs to obtain an authenticated connection. These calls do not require extensive knowledge of the security protocol`s details.

security template

A physical file representation of a security configuration that can be applied to a local computer or imported to a Group Policy object (GPO) in Active Directory. When you import a security template to a GPO, Group Policy processes the template and makes the corresponding changes to the members of that GPO, which can be users or computers.

See also:
Active DirectoryGroup PolicyGroup Policy object (GPO)

security token

A cryptographically signed data unit that expresses one or more claims.

security token service

A Web service that issues security tokens. A security token service makes assertions based on evidence that it trusts to whoever trusts it. To communicate trust, this service requires proof, such as a security token or set of security tokens, and it issues a security token with its own trust statement. (Note that for some security token formats, this can simply be a reissuance or cosignature.) In Active Directory Federation Services (ADFS), the Federation Service is a security token service.

See Files

The Macintosh-style privilege that allows you to see any files in the folders for which you have this privilege. When Services for Macintosh translates Macintosh-style privileges into Windows permissions, you are granted Read permission for any folders for which you have the See Files and See Folders privileges.

See Folders

The Macintosh-style privilege that allows you to see folders for which you have this privilege but not any files those folders might contain. When Services for Macintosh translates Macintosh-style privileges into Windows permissions, you are granted Read permission for any folders for which you have the See Files and See Folders privileges.

seed router

A router that initializes and broadcasts network numbers and zones about one or more physical AppleTalk networks. Servers that are running the AppleTalk protocol can function as seed routers. You can also use hardware routers from other companies as seed routers.

See also:
routerzone

sending member

Between a pair of replicating servers, the member that is sending replicated content over a connection.

Serial Line Internet Protocol (SLIP)

An older industry standard that is part of Windows remote access client to ensure interoperability with other remote access software.

See also:
remote access

serial port

An interface on the computer that allows asynchronous transmission of data characters one bit at a time. Also called a communication port or COM port.

See also:
communication portport

server

A computer that provides shared resources, such as files or printers, to network users.

server application

Application software running on a cluster node, regardless of whether it does service registration.

See also:
node

server cluster

A group of computers, known as nodes, working together as a single system to ensure that mission-critical applications and resources remain available to clients. A server cluster presents the appearance of a single server to a client.

server farm

Server for NIS

A feature of Windows that enables a Windows–based Active Directory domain controller to administer Network Information Service (NIS) networks.

Server Message Block (SMB)

A file-sharing protocol designed to allow networked computers to transparently access files that reside on remote systems over a variety of networks. The SMB protocol defines a series of commands that pass information between computers. SMB uses four message types: session control, file, printer, and message.

See also:
protocol

Server Operators group

A group whose members can manage all domain controllers in a single domain. This group does not exist on workstations, stand-alone servers, or member servers. Administrative tasks that can be performed by members of this group include logging on locally, creating and deleting network shared resources, starting and stopping services, backing up and restoring files, formatting the hard disk of the computer, and shutting down the computer.

server zone

Server-Gated Cryptography (SGC)

An extension of Secure Sockets Layer (SSL) that enables organizations, such as financial institutions, that have export versions of Internet Information Services (IIS) to use strong encryption (for example, 128-bit encryption).

service

A program, routine, or process that performs a specific system function to support other programs, particularly at a low (close to the hardware) level. When services are provided over a network, they can be published in Active Directory, facilitating service-centric administration and usage. Some examples of services are the Security Accounts Manager service, File Replication Service (FRS), and Routing and Remote Access service.

service (SRV) resource record

A DNS resource record used to identify computers that host specific services, specified in RFC&nbsp;2782. SRV resource records are used to locate domain controllers for Active Directory.

See also:
Active Directorydomain controllerDomain Name System (DNS)Request for Comments (RFC)resource record (RR)

Service Advertising Protocol (SAP)

A NetWare protocol used to identify the services and addresses of servers attached to the network. When a server starts, it uses the protocol to advertise its service. When the same server goes offline, it uses the protocol to announce that it is no longer available. NWLink IPX/SPX/NetBIOS Compatible Transport Protocol (NWLink) uses SAP to locate NetWare servers and services.

Service Pack

A software upgrade to an existing software distribution that contains updated files consisting of patches and hot fixes.

Service Principal Name (SPN)

A way of referring to a service principal. SPN structures generally follow Internet Engineering Task Force (IETF) naming conventions, and they often include the name of the computer on which the service is running. SPNs may be used to request Kerberos tickets, and they are required for mutual authentication.

Service Profile Identifier (SPID)

An 8-digit to 14-digit number that identifies the services that you order for each B-channel. For example, when you order Primary Rate ISDN, you obtain two phone numbers and two SPIDs from your Integrated Services Digital Network (ISDN) provider. Typical ISDN adapters cannot operate without configuring SPIDs.

service-centric

A service model that does not require that a specific computer be used to complete a task. In a service-centric environment, users need to know only what service they want to use. They do not need to know what computer that service resides on to use it successfully.

session

A logical connection created between two hosts to exchange data. Typically, sessions use sequencing and acknowledgments to send data reliably.
In the context of load balancing TCP/IP traffic, a set of client requests directed to a server. These requests can be invoked with multiple, possibly concurrent, TCP connections. The server program sometimes maintains state information between requests. To preserve access to the server state, Network Load Balancing needs to direct all requests within a session to the same cluster host when load balancing.

session concentration

For Message Queuing, a feature that typically reduces network bandwidth within a site and the number of sessions between sites. Specially configured Message Queuing servers with routing services provide session concentration.

Session Description Protocol (SDP)

A protocol that Telephony API (TAPI) uses to advertise Internet Protocol (IP) multicast conferences. This protocol describes multimedia sessions for the purposes of session announcement, session invitation, and other forms of session initiation. SDP descriptors are stored in Active Directory. SDP is described in RFC 2327 of the Internet Engineering Task Force (IETF).

session key

In Internet Protocol security (IPSec), a value that is used in combination with an algorithm to encrypt or decrypt data that is transferred between computers. A session key is created for every pair of computers to provide enhanced security on computers that have multiple simultaneous active sessions.

set-by-caller callback

In Network Connections, a form of callback in which the user supplies the telephone number that the remote access server uses for callback. This setting spares the user any long-distance telephone charges.

See also:
Network Connectionsremote access server

Setup

The program that installs Windows. Also known as unattended installation, Winnt32.exe, and Winnt.exe.

shared folder permissions

shared printer

A printer that receives input from more than one computer. For example, a printer attached to another computer on the network can be shared so that it is available for you to use. Also called a network printer.

shared resource

Any device, data, or program that is used by more than one program or one other device. For Windows, shared resource refers to any resource that is made available to network users, such as folders, files, printers, and named pipes. Shared resource can also refer to a resource on a server that is available to network users.

shortcut

A link to any item accessible on your computer or on a network, such as a program, file, folder, disk drive, printer, or another computer. You can put shortcuts in various areas, such as on the desktop, on the Start menu, or in specific folders.

See also:
desktop

shortcut trust

A trust that is manually created between two domains in the same forest. The purpose of a shortcut trust is to optimize the interdomain authentication process by shortening the trust path. Shortcut trusts are transitive and can be one-way or two-way.

Simple Object Access Protocol (SOAP)

An XML/HTTP-based protocol for platform-independent access to objects and services on the Web. SOAP defines a message format in XML that travels over the Internet using Hypertext Transfer Protocol (HTTP). By using existing Web protocols (HTTP) and languages (XML), SOAP runs over the existing Internet infrastructure without being tied to any operating system, language, or object model.

Simple TCP/IP Services

simple volume

A dynamic volume made up of disk space from a single dynamic disk. A simple volume can consist of a single region on a disk or multiple regions of the same disk that are linked together. If the simple volume is not a system volume or boot volume, you can extend it within the same disk or onto additional disks. If you extend a simple volume across multiple disks, it becomes a spanned volume. You can create simple volumes only on dynamic disks. Simple volumes are not fault tolerant, but you can mirror them to create mirrored volumes on computers running the Windows&nbsp;2000 Server or Windows Server&nbsp;2003 families of operating systems.

single affinity

Specifies that Network Load Balancing should direct multiple requests from the same client IP address to the same cluster host. This is the default setting for affinity.

See also:
affinityClass C affinityNetwork Load Balancing

Single Instance Store (SIS)

A component that saves disk space on the server by maintaining a single physical copy of all identical files found. If SIS finds a duplicate file on the server, it copies the original file into the SIS store and leaves a link where the original resided. This technology is used only with Remote Installation Services.

See also:
Remote Installation Services (RIS)

single node server cluster

A cluster configuration that has one node and that can be configured with or without external cluster storage devices. For a single node cluster without an external cluster storage device, the local disk is configured as the cluster storage device. There are advantages and limitations for each cluster configuration (single node server cluster, single quorum device server cluster, and majority node set server cluster).

single quorum device server cluster

A cluster configuration that has two or more nodes and that is configured so that every node is attached to one or more cluster storage device. The cluster configuration data is stored on a single cluster storage device. There are advantages and limitations for each cluster configuration (single node server cluster, single quorum device server cluster, and majority node set server cluster).

single sign-on daemon (SSOD)

SIS

site

One or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators to configure Active Directory access and replication topology to take advantage of the physical network.

site link

An Active Directory object that represents a set of sites that can communicate at uniform cost through some intersite transport. For Internet Protocol (IP) transport, a typical site link connects just two sites and corresponds to an actual wide area network (WAN) link. An IP site link connecting more than two sites might correspond to an asynchronous transfer mode (ATM) backbone connecting more than two clusters of buildings on a large campus or several offices in a large metropolitan area connected via leased lines and IP routers.

site link bridge

An Active Directory object that represents a set of site links, all of whose sites can communicate via some transport. Typically, a site link bridge corresponds to a router (or a set of routers) in an Internet Protocol (IP) network. By default, the Knowledge Consistency Checker (KCC) may form a route through any and all site links in a transitive manner. If this behavior is turned off, each site link represents its own distinct and isolated network. Sets of site links that can be treated as a single route are expressed through a site link bridge. Each bridge represents an isolated communication environment for network traffic.

sleep mode

An energy-saving mode in which the Windows operating system shuts down all unnecessary components, such as the display screen and the disk drive. The computer returns to its former operating status when it is awakened.

See also:
wake-on-LAN

SLIP

small computer system interface (SCSI)

A standard high-speed parallel interface defined by the American National Standards Institute (ANSI). A SCSI interface is used for connecting microcomputers to peripheral devices, such as hard disks and printers, and to other computers and local area networks (LANs).

See also:
devicelocal area network (LAN)

smart card

A credit card&ndash;sized device that is used with an access code to enable certificate-based authentication and single sign-on to the enterprise. Smart cards securely store certificates, public and private keys, passwords, and other types of personal information. A smart card reader attached to the computer reads the smart card.

smart card reader

SMS

SMTP

See other term: Simple Mail Transfer Protocol (SMTP)

snap-in

A type of tool that you can add to a console supported by Microsoft Management Console (MMC). A stand-alone snap-in can be added by itself; an extension snap-in can be added only to extend the function of another snap-in.

See also:
Microsoft Management Console (MMC)

sniffer

An application or device that can read, monitor, and capture network data exchanges and read network packets. If the packets are not encrypted, a sniffer provides a full view of the data inside the packet.

See also:
devicepacket

SNMP

socket

An identifier for a particular service on a particular node on a network. The socket consists of a node address and a port number, which identifies the service. For example, port 80 on an Internet node indicates a Web server. There are two kinds of sockets: streams (bidirectional) and datagrams.

See also:
datagramnodeportprocessraw socket

software decoder

A type of digital video disc (DVD) decoder that allows a DVD drive to display movies on your computer screen. A software decoder uses only software to display movies.

See also:
DVD decoderDVD drivehardware decoder

software restriction policies

A collection of policy settings that define what software can run on a computer, based on the default security level for a Group Policy object (GPO). Exceptions to that default security level can then be defined by certificate rules, hash rules, path rules, registry path rules, and Internet zone rules.

software restriction policies rule

A rule that creates an exception to the default security level that is defined by software restriction policies.
The following types of rules can be created: certificate rules, which recognize software that is digitally signed by an Authenticode software publisher certificate; hash rules, which recognize specific software based on a hash of the software; path rules, which recognize software based on the location in which the software is stored; registry path rules, which recognize software based on the location of the software as it is stored in the registry; and Internet zone rules, which recognize software based on the zone of the Internet from which the software is downloaded.

SOM

source document

The document where a linked or embedded object was originally created.

See also:
embedded objectlinked object

source journaling

For Message Queuing, the process of storing a copy of an outgoing message. Source journaling is configured on a message basis, and it is set by the sending application. When source journaling is enabled, a copy of the message is put in the source journal of the source computer when the message arrives at the destination (target) queue.

See also:
journalMessage Queuingtarget journaling

spanned volume

A dynamic volume consisting of disk space on more than one physical disk. You can increase the size of a spanned volume by extending it onto additional dynamic disks. You can create spanned volumes only on dynamic disks. Spanned volumes are not fault tolerant and cannot be mirrored.

sparse file

A file that is handled in a way that requires much less disk space than would otherwise be needed. Sparse support allows an application to create very large files without committing disk space for those regions of the file that contain only zeros. For example, you can use sparse support to work with a 42-GB file in which you need to write data only to the first 64 KB (the rest of the file is zeroed).

special permissions

On NTFS volumes, a custom set of permissions. You can customize permissions on files and directories by selecting the individual components of the standard sets of permissions.

SPID

split horizon

A route-advertising algorithm that prevents the advertising of routes in the same direction in which they were learned. Split horizon helps prevent routing loops.

See also:
poison reverserouting

splitting

A Briefcase command that separates the copy of the file inside Briefcase from the copy outside Briefcase.

spooling

A process on a server in which print documents are stored on a disk until a printer is ready to process them. A spooler accepts each document from each client, stores it, then sends it to a printer when the printer is ready.

SSL

SSP

SSPI

stand-alone certification authority

A certification authority (CA) that is not integrated with Active Directory.

See also:
Active Directorycertification authority (CA)

stand-alone root

A DFS namespace, the configuration information for which is stored locally on the host server. The path to access the root or a link starts with the host server name. A stand-alone root has only one root target. There is no root-level fault tolerance. Therefore, when the root target is unavailable, the entire DFS namespace is inaccessible.

See also:
DFS namespaceroot target

stand-alone server

A server that runs Windows&nbsp;2000 or Windows Server&nbsp;2003, but does not participate in a domain. A stand-alone server has only its own database of users, and it processes logon requests by itself. A stand-alone server does not share account information with other computers and cannot provide access to domain accounts, but it can participate in a workgroup.

start-of-authority (SOA) resource record

A record that indicates the starting point or original point of authority for information stored in a zone. The SOA resource record (RR) is the first RR created when adding a new zone. It also contains several parameters used by other computers that use DNS to determine how long they will use information for the zone and how often updates are required.

See also:
authoritativeDomain Name System (DNS)resource record (RR)zone

Startrom.com

A program used by Remote Installation Services (RIS) that is the first file downloaded to the client using Trivial File Transfer Protocol (TFTP). Startrom.com is a small program that displays the Press F12 for Network Service Boot prompt. If F12 is pressed within three seconds, the Client Installation Wizard (OSChooser) is downloaded to begin the remote installation process.

startup environment

In dual-boot or multiple-boot systems, the configuration settings that specify which system to start and how each system should be started.

See also:
dual bootmultiple boot

stateless

As related to servers, not involving the update of a server-side database based on a client request. As related to the handling of files, the content of the file is not modified or noticed. For Web servers, a stateless client request, which members of a Network Load Balancing cluster can process, is one that returns a static Web page to the client.

See also:
Network Load Balancing cluster

static dialog box

A scripted dialog box between the client computer and an intermediary device. This kind of dialog box requires no response from the user.

See also:
client

static load balancing

The process of manually moving a group between nodes to balance the load across the nodes.

See also:
groupnode

static routes

Routes in a routing table that are permanent until changed by a network administrator or by an automatically scheduled auto-static update.

See also:
routerrouting

status area

See other term:
notification area

status bar

A line of information related to the current program. The status bar is usually located at the bottom of a window. Not all windows have a status bar.

Stop error

A serious error that affects the operating system and that could place data at risk. The operating system generates an obvious message, a screen with the Stop error, rather than continuing on and possibly corrupting data. Also called a fatal system error.

storage report

A reporting tool that alerts administrators to current disk use trends, as well as to attempts by certain users or groups to save unauthorized files.

storage subsystem

A stand-alone hardware appliance that hosts one or more storage devices (such as disk drives, tape drives, optical drives), and is peripheral to the server or servers that control access to it. Storage subsystems are used to create centralized data repositories, while freeing computing and storage resources on servers.

strict RFC checking

For DNS, a form of domain name checking that examines characters used in DNS names for compliance with DNS naming requirements and valid character usage as specified in RFC 1123, Requirements for Internet Hosts - Applications and Support. For strict RFC compliance, DNS domain names will use name labels made up only of valid uppercase and lowercase letters, number characters, and hyphens (A through Z, a through z, 0 through 9, -), separated by periods.

See also:
domain nameDomain Name System (DNS)labelloose name checkingRequest for Comments (RFC)

string

A group of characters or character bytes handled as a single entity. Computer programs use strings to store and transmit data and commands. Most programming languages consider strings (such as 2674:gstmn) as distinct from numeric values (such as 470924).

See also:
transmitting station ID (TSID) string

striped volume

A dynamic volume that stores data in stripes on two or more physical disks. Data in a striped volume is allocated alternately and evenly (in stripes) across the disks. Striped volumes offer the best performance of all the volumes that are available in Windows, but they do not provide fault tolerance. If a disk in a striped volume fails, the data in the entire volume is lost. You can create striped volumes only on dynamic disks. Striped volumes cannot be mirrored or extended.

strong password

A password that cannot be easily guessed or cracked. A strong password is at least six characters long, does not contain all or part of the user's account name, and contains at least three of the four following categories of characters: uppercase characters, lowercase characters, numbers, and symbols found on the keyboard (such as !, @, #).

See also:
passwordpassword policyweak password

structured query language (SQL)

stub area

An Open Shortest Path First (OSPF) area that does not advertise individual external networks. A stub area blocks external routes and therefore reduces the amount of memory required on the internal routers located in the stub area. To keep the topology database size small, routing to all external networks in a stub area is done through a default route (destination 0.0.0.0 with the subnet mask of 0.0.0.0). In OSPF, any destination that you cannot reach through an intra-area or inter-area router is reachable through the default route.

See also:
Open Shortest Path First (OSPF)routing

stub zone

A copy of a zone that contains only the resource records required to identify the authoritative DNS servers for that zone. A DNS server that hosts a parent zone and a stub zone for one of the parent zone`s delegated child zones can receive updates from the authoritative DNS servers for the child zone.

See also:
authoritativeDNS serverresource record (RR)zone

subdomain

A DNS domain located directly beneath another domain name (the parent domain) in the namespace tree. For example, example.microsoft.com would be a subdomain of the domain microsoft.com. Also called child domain.

See also:
child domaindomainDomain Name System (DNS)parent domain

subject

In public key cryptography, an entity that requests or holds a certificate. A subject can be a user, a computer, or any other device capable of requesting or using a certificate.

See also:
public key cryptography

subkey

An element of the registry that contains entries or other subkeys. A tier of the registry that is immediately below a key or a subtree (if the subtree has no keys).

subtree

superscope

An administrative grouping feature that supports a DHCP server`s ability to use more than scope for each physical interface and subnet. Superscopes are useful under the following conditions: If more DHCP clients must be added to a network than were originally planned, if an Internet Protocol (IP) network is renumbered, or if two or more DHCP servers are configured to provide scope redundancy and fault-tolerant design DHCP service for a single subnet. Each superscope can contain one or more member scopes (also known as child scopes).

switch type

switched virtual circuit (SVC)

A connection established dynamically between devices on an asynchronous transfer mode (ATM) network through the use of signaling.

See also:
asynchronous transfer mode (ATM)

switching hub

A central network device (multiport hub) that forwards packets to specific ports rather than, as in conventional hubs, broadcasting every packet to every port. In this way, the connections between ports deliver the full bandwidth available.

See also:
hubpacketport

symmetric encryption

An encryption algorithm that requires the same secret key to be used for both encryption and decryption. Because of its speed, symmetric encryption is typically used when a message sender needs to encrypt large amounts of data. Also called secret key encryption.

See also:
public key encryption

symmetric key

A single key that is used with symmetric encryption algorithms for both encryption and decryption.

system area network (SAN)

system default profile

The user profile that is loaded when Windows is running and no user is logged on. When the Begin Logon dialog box is visible, the system default profile is loaded.

See also:
user profile

system disk

A disk that contains the MS-DOS system files necessary to start MS-DOS.

See also:
MS-DOS (Microsoft Disk Operating System)

system files

Files used by Windows to load, configure, and run the operating system. Generally, system files must never be deleted or moved.

System menu

A menu that contains commands you can use to manipulate a window or close a program. You click the program icon at the left of the title bar to open the System menu.

system partition

The partition that contains the hardware-specific files needed to load Windows (for example, Ntldr, Osloader, Boot.ini, Ntdetect.com). The system partition can be, but does not have to be, the same as the boot partition.

See also:
boot partitionpartition

System Policy

A Windows&nbsp;NT&nbsp;4.0-style policy based on registry settings made using Poledit.exe, the System Policy Editor.

See also:
policyregistry

System State

In Backup, a collection of system-specific data maintained by the operating system that must be backed up as a unit. It is not a backup of the entire system. The System State data includes the registry, COM+ Class Registration database, system files, boot files, and files under Windows File Protection. For servers, the System State data also includes the Certificate Services database (if the server is a certificate server). If the server is a domain controller, the System State data also includes the Active Directory database and the SYSVOL directory. If the server is a node in a cluster, it includes the Cluster database information. The IIS Metabase is included if Internet Information Services (IIS) is installed.

system variables

Storage locations for data that are defined by the operating system and that are the same regardless of who is logged on at the computer. (Users who are also members of the Administrators group can add new variables or change the values.)

See also:
Administrators group

system volume

The volume that contains the hardware-specific files that are needed to load Windows on x86-based computers with a basic input/output system (BIOS). The system volume can be, but does not have to be, the same volume as the boot volume.

See also:
basic input/output system (BIOS)boot volumevolumex86

systemroot

The path and folder name where the Windows system files are located. Typically, this is C:\Windows, although you can designate a different drive or folder when you install Windows. You can use the value %systemroot% to replace the actual location of the folder that contains the Windows system files. To identify your systemroot folder, click Start, click Run, type %systemroot%, and then click OK.